We run a primary school where lots of people know the student passwords. Internal security wise we aren’t too stressed. Currently all those passwords are stored in a bunch of excel files which get passed around to who needs them such as teachers of that students. This is a pain.
We are looking at moving to a more automated system. First thought was using reversible encryption on the student accounts, having a internal webpage that staff could login to and they could see students that they need access to. I’m not having fun figuring out how to get the encrypted password. Would prefer to run it in python for the web aspect of things and the best I’ve come up with is that it executes a powershell script to get the passwords. Doing it the reverse encryption way ensures I always get the most up to date password.
Another way I think is a possibility it using the password filter functionality to do something like update a separate database whenever a password is changed although I haven’t looked too far into this.
In the end we need something better then excel sheets. The actual decryption and stuff I’m feeling comfortable with it’s the retrieving the keys I’m scratching my head about. Which is why I’m leaning to having a separate database to read the passwords from. At this point I’m thinking making it the job of whoever changes a password has to also update the database. That or you change the passwords on whatever system manages the database and that then changes it in AD.
I’m spiraling and would just like some input. Thank you.